As one of the many security features of a mobile device, a self-locking feature enables the mobile device to enter a locked state when it is not in use for some predetermined amount of time. In the alternative, the device may enter the locked state when a user provides an input that causes the computing device to enter the locked state. For example, a computing device may lock when the user actuates a lock button on the user screen. In the alternative, the lock state may occur when the system detects that a predetermined amount of time has passed since the user has provided input to the device.
Among various types of authentication, pattern-based authentication for unlocking the user interface is a popular mechanism for many touchscreen mobile devices. Touchscreens are an increasingly common feature on most personal computing devices, especially smart phones, where size and user interface advances accrue from consolidating multiple hardware components (keyboard, number pad, etc.) into a single software-definable user interface. For example, Google's Android® mobile device implements the use of pattern-based authentication for its smart phone product line. The patterns are usually drawn as a sequence of lines connecting a unique set of points in an N*N matrix. Once the user has become familiar with the pattern, his brain subconsciously remembers the pattern, which effortlessly enables the user to swipe the screen with this user access pattern. This is what makes pattern-based authentication so user friendly. The whole idea behind the marketing of pattern-based authentication is that users do not need to “think” in order to draw their authentication pattern, which is the reason for its popularity.
Pattern-based authentication, however, has a serious security issue. As the user swipes his finger across the user interface, oily residues, or smudges, are left on the touchscreen surface. When the mobile device is tilted at some position or angle, the smudge marks that result from drawing the user access pattern on the user interface of the mobile device can be highly visible, particularly when the pattern is used frequently and does not change, or when no other user actions/swipes are carried out after a successful screen unlock of the mobile device.
This makes it easy for hackers to guess the actual user access pattern using simple cameras and image processing software. In some cases, the user access pattern may be seen using the naked eye. This activity is commonly referred to as a “smudge attack.” Under proper lighting and camera settings, the finger smudges can be easily detected and the heaviest smudges can be used to infer the user input pattern (user access pattern). Therefore, it is important to prevent smudge attacks on mobile devices having touchscreen features.
Some conventional mobile devices may provide a feature that changes the orientation of the N*N matrix in an effort to prevent a smudge attack. In the alternative, some devices may alert the user to wipe the screen after unlocking the device. Other devices use a numeric pad to unlock the device. Randomly positioned colors on a color wheel, where the user is solicited to select the colors randomly, are another solution to work around a smudge attack. Alternatively, the user may be solicited to select randomly positioned pictures or a custom pattern within the grid. Where these solutions fail is that all of them require a user to think every time the unlock user interface appears. Researchers have found that users find these difficult and, as a result, the user often provides an incorrect pattern. Consequently, these solutions may require the user to go through multiple attempts in an effort to authenticate successfully. It is within this context that the embodiments arise.